Re: LDAP access question

[Tony Earnshaw <tonni@billy.demon.nl>]

tor, 2002-08-22 kl. 14:50 skrev Peter Furmonavicius:

> Hello.  I can restrict what LDAP searches return by using statements 
> such as the following in my "slapd.conf" file.  For example, to not 
> return the attribute values for "employeeNumber"...
> --------------
> access to attr=employeeNumber
>         by dn="cn=boss,dc=here,dc=com"  write
>         by users read
>         by * none
> --------------
> However, I have been unsuccessful in figuring out a way to not return 
> the "objectclass", or objectclass values.  Can anyone help me out 
> with this?  I do not want the "objectclass"es returned to any 
> anonymous searches.

Many have asked this question, none have received answers.

I'm also curious and would like this possibility, but it doesn't seem
possible. There are also other things I'd like to hide, such as a
posixAccount user's uidNumber and gidNumber and homeDirectory. It's got
nothing to do with anyone but the admin. But if I do that, they don't
know who they are when they log in.

Curious.

Best,

Tony

-- 

Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981